diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-08-12 15:17:57 +0200 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2024-09-03 09:42:15 -0300 |
| commit | d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 (patch) | |
| tree | 490946e5437ffb064fe1f2e655f7e6566d8c7257 /django/utils/html.py | |
| parent | 705066d186ce880bf64142e47084f3d8df3c2352 (diff) | |
[4.2.x] Fixed CVE-2024-45230 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report.
Diffstat (limited to 'django/utils/html.py')
| -rw-r--r-- | django/utils/html.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/django/utils/html.py b/django/utils/html.py index 23575d3c11..df38c20519 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -395,14 +395,17 @@ class Urlizer: potential_entity = middle[amp:] escaped = html.unescape(potential_entity) if escaped == potential_entity or escaped.endswith(";"): - rstripped = middle.rstrip(";") - amount_stripped = len(middle) - len(rstripped) - if amp > -1 and amount_stripped > 1: - # Leave a trailing semicolon as might be an entity. - trail = middle[len(rstripped) + 1 :] + trail - middle = rstripped + ";" + rstripped = middle.rstrip(self.trailing_punctuation_chars) + trail_start = len(rstripped) + amount_trailing_semicolons = len(middle) - len(middle.rstrip(";")) + if amp > -1 and amount_trailing_semicolons > 1: + # Leave up to most recent semicolon as might be an entity. + recent_semicolon = middle[trail_start:].index(";") + middle_semicolon_index = recent_semicolon + trail_start + 1 + trail = middle[middle_semicolon_index:] + trail + middle = rstripped + middle[trail_start:middle_semicolon_index] else: - trail = middle[len(rstripped) :] + trail + trail = middle[trail_start:] + trail middle = rstripped trimmed_something = True |